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DETAILED ACTION 

Claims 1-7,14-16, and 19-24 have been considered. 



Specification 

5 The Specification is objected to in accordance with the 35 U.S.C. 112, first paragraph, rejection of 

claims 1-7,14-16, and 19-24. 



Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

10 The specification shall contain a written description of the invention, and of the manner and process of 

making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

15 

Claims 1-7,14-16, and 19-24 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in the relevant art that 
the inventor(s), at the time the application was filed, had possession of the claimed invention. 

20 More specifically, the amended claim limitation "wherein if the registered method of authentication 

is inaccessible, the user is enabled to select a different method of authentication for access to the 
restricted service" appears to be new matter. 

Applicant has cited that support for this claim amendment is can be found in the Specification at 
paragraphs 10 and 40. However, no such support is found. Paragraphs 10 and 40 appear to teach a 

25 system for enabling a user to select an authentication method. The system has a plurality of 

authentication methods, including smart card and PIN authentication, user identification and password, 
etc. A user may pre-select smart card and PIN authentication as his registered authentication method. If 
the user loses his smart card and/or forgets the PIN, then the user may be allowed (with certain 
identification and/or restrictions) to change the pre-selected authentication method to another method 

30 such as user identification and password (paragraphs [0010] and [0040]). 
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As is quite clear from the above, both smart card and PIN authentication and user identification 
and password and both accessible methods of authentication in the system. Though the user's 
registered method of authentication (smart card and PIN) is accessible in the disclosure above (and on 
paragraph [0040]), the user may wish to change registered methods of authentication out of fear that he 
5 may fail the accessible method of authentication. Accordingly, examiner finds no support for the 
amended limitation in paragraphs [0010] and [0040]. Careful consideration of the remainder of the 
Specification also reveals no support for the amended limitation. Appropriate correction or a specific 
reference to where the amended limitation is disclosed is required. 



10 Claims 2,6,20, and 22 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 

the written description requirement. The claim(s) contains subject matter which was not described in the 
specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), 
at the time the application was filed, had possession of the claimed invention. Applicant has amended 
claims 2,6,20, and 22 to include that the authentication method may include a "handheld computing 

15 device and digital certificate". Careful review of applicant's Specification revealed no support for this 
authentication method. Appropriate correction or a specific reference to where this limitation is disclosed 
is required. 



Claim Rejections - 35 USC §102 



20 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 

the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
25 granted on an application for patent by another filed in the United States before the invention by the 

applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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Claims 1-4,14-16,19-24 rejected under 35 U.S.C. 102(e) as being anticipated by Hillhouse, U.S. 
Patent 6,052,468. 



As per claims 1,14-16,19,21, and 23, the applicant describes a method for facilitating the 
5 selection of at least one method of authentication for accessing a restricted service comprising the 
following limitations which are met by Hillhouse: 

a) enabling a user to select a method of authentication for access to the restricted service, 
wherein the restricted service requires a method of authentication in order to gain access to the restricted 
service (Col 6, lines 20-65); 
10 b) registering the user-selected method of authentication which facilitates the user's ability for 

gaining access to the restricted service (Col 6, lines 20-65); 

c) presenting the registered method of authentication as the method of authentication for access 
to the restricted service (Col 6, lines 20-65); 

d) wherein if the registered method of authentication is inaccessible, the user is enabled to select 
15 a different method of authentication for access to the restricted service (Col 6, lines 20-65). 



As per claims 2,20,22, and 24, the applicant describes the method of claims 1,19,21, and 23 
which are met by Hillhouse, with the following limitation which is also met by Hillhouse: 

Wherein the method of authentication includes at least one of user identification and password; 
20 user identification and pass-phrase; smart card and PIN; smart card and digital certificate; biometrics; 
sound verification; radio frequency and password; infrared and password; and handheld computing 
device and digital certificate (Col 5, lines 20-65). 

As per claim 3, the applicant describes the method of claim 1, which is met by Hillhouse, with the 
25 following limitation which is also met by Hillhouse: 

Further comprising the step of enabling the user to select more than one method of authentication 
for access to the restricted service (Col 7, lines 10-15); 
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Hillhouse discloses that more than one authentication method may be placed on the restricted 
data, such as password and biometrics. 



As per claim 4, the applicant describes the method of claim 1 , which is met by Hillhouse, with the 
following limitation which is also met by Hillhouse: 

Further comprising the step of registering the user-selected method of authentication as a 
minimum level of security for authentication for the user (Col 7, lines 10-15); 

Since a user can register more than one authentication method, the user sets a minimum level of 
security for authentication when only one method is selected. 

Claim Rejections - 35 (JSC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

1 5 (b) the invention was patented or described in a printed publication in this or a foreign country or in public 

use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 



10 



20 Claims 1-2,5-6,14-16,19-24 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Stockwell, U.S. Patent No. 5,950,195. 

As per claims 1 ,5,14-16,1 9,21 , and 23, the applicant describes a method for facilitating the 
selection of at least one authentication method for accessing a restricted service comprising the following 
25 limitations which are met by Stockwell: 

a) enabling a user to select a method of authentication for access to the restricted service, 
wherein the restricted service requires a method of authentication in order to gain access to the restricted 
service (Col 6, lines 16-27); 
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b) registering the user-selected method of authentication which facilitates the user's ability for 
gaining access to the restricted service (Col 6, lines 16-65); 

c) presenting the registered method of authentication as the method of authentication for access 
to the restricted service (Col 6, lines 16-65); 

5 d) wherein if the registered method of authentication is inaccessible, the user is enabled to select 

a different method of authentication for access to the restricted service (Col 6, lines 16-65). 

As per claims 2,6,20,22, and 24, the applicant describes the method of claims 1,5,19,21, and 23 
which are met by Stockwell, with the following limitation which is also met by Stockwell: 
1 0 Wherein the method of authentication includes at least one of user identification and password; 

user identification and pass-phrase; smart card and PIN; smart card and digital certificate; biometrics; 
sound verification; radio frequency and password; infrared and password; and handheld computing 
device and digital certificate (Col 6, lines 16-27). 



15 As per claim 4, the applicant describes the method of claim 1, which is met by Stockwell, with the 

following limitation which is also met by Stockwell: 

Further comprising the step of registering the user-selected method of authentication as a 
minimum level of security for authentication for the user (Col 6, lines 16-27). 

The selected method of authentication is a minimum level of security for authentication because 
20 at least the selected method must be performed. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for ail obviousness 

rejections set forth in this Office action: 

25 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 5-7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hillhouse in view of 
Microsoft (Microsoft. Enabling and Configuring Authentication. 1999. 
www.freshinvest.com/iis/htm/core.iiauths.htm). 

5 

As per claim 5, the applicant describes a method for facilitating a user's selection of a minimum 
security level for authentication for a login into a system, comprising the following steps which are met by 
Hillhouse in view of Microsoft: 

a) querying the user to select at least one level of security for authentication by presenting a 
10 dialog box to the user (Microsoft: page 1); 

b) enabling the user to submit a user-selected level of security for authentication into the system 
by entering the user-selected level of security for authentication into the dialog box (Hillhouse: Col 6, lines 
20-65); 

c) registering the user-selected level of security for authentication into the system (Hillhouse: Col 
15 6, lines 20-65); 

d) presenting the registered level of security for authentication as the level of security for 
authentication for access to the restricted service (Hillhouse: Col 6, lines 20-65); 

e) wherein if the registered level of security for authentication is inaccessible, the user is enabled 
to select a different level of security for authentication for access to the restricted service (Hillhouse: Col 

20 6, lines 20-65): 

Hillhouse discloses all the limitations of parts b through e of the claim. However, Hillhouse does 
not disclose the use of a dialog box for selecting an authentication method. Microsoft discloses selecting 
an authentication method via an authentication methods dialog box. It would have been obvious to one of 
ordinary skill in the art at the time the invention was filed to combine the ideas of Microsoft with those of 
25 Hillhouse and use a dialog box because a dialog box is an organized way to present data to a user. 
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As per claims 6-7, the applicant describes the method of claim 5, which is met by Hillhouse in 
view of Microsoft, with the following limitation which is also met by Hillhouse: 

Wherein the user-selected level of security for authentication includes at least one of: user 
identification and password; user identification and pass-phrase; smart card and PIN; smart card and 
5 digital certificate; biometrics; sound verification; radio frequency and password; infrared and password; 
and handheld computing device and digital certificate (Hillhouse: Col 6, lines 20-65). 



Claims 3 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stockwell in view 
of Microsoft (Microsoft. Enabling and Configuring Authentication. 1999. 
10 www.freshinvest.com/iis/htm/core.iiauths.htm). 



As per claims 3 and 7, the applicant describes the method of claims 1 and 5, which are met by 
Stockwell, with the following limitation which is met by Microsoft: 

Further comprising the step of enabling the user to select more than one method of authentication 
15 for access to the restricted service (Microsoft: page 1); 

Stockwell discloses all the limitations of claims 1 and 5. However, Stockwell does not disclose 
the idea of selecting more than one authentication method. Microsoft discloses that more than one 
authentication method may be selected. It would have been obvious to one of ordinary skill in the art at 
the time the invention was filed to combine the ideas of Microsoft with those of Stockwell and use more 
20 than one authentication method for the purpose of increased security. 



Conclusion 

Applicant's arguments filed 12/5/05 with respect to the 102(e) rejection of claim 1 et ai under 
Hillhouse have been fully considered but they are not persuasive. Applicant argues that Hillhouse does 
25 not satisfy newly-amended limitation d of claims 1 et al: "wherein if the registered method of 

authentication is inaccessible, the user is enabled to select a different method of authentication for access 
to the restricted service". Examiner respectfully disagrees. 
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Hiilhouse discloses enabling a user to select and register a method of authentication for restricted 
access (parts a and b). Appropriate authentication according to the registered method allows a user to 
gain restricted access (part c). 

Further, Hiilhouse allows for porting on different systems supporting different user-authorisation 
5 methods wherein at least a method is common between the systems (Col 6, lines 20-24). For example, a 
user may wish to port key data secured through fingerprint data to a system supporting only password 
authentication. In order to accomplish this, a user may re-secure the key data such that password 
authentication must then be used to access the data (abstract, Col 6, lines 20-65). Accordingly, Hiilhouse 
discloses that wherein if the registered authentication method is inaccessible (for example in porting to 
10 another system that does not support the registered authentication method), the user is enabled to select 
a different method of authentication for access. 

As is quite clear from the above, Hiilhouse meets the newly-amended limitation d of claim 1 et al. 
Accordingly, the rejection is maintained. 

15 Applicant's arguments with respect to the 102(b) rejection of claim 1 et al under Stockwell have 

been fully considered but they are not persuasive. Applicant argues that Stockwell does not satisfy 
newly-amended limitation d of claims 1 et al: "wherein if the registered method of authentication is 
inaccessible, the user is enabled to select a different method of authentication for access to the restricted 
service". Examiner respectfully disagrees. 

20 More specifically, applicant presents the following argument: 

"Stockwell merely provides a list of allowed authentication methods, from which the user can choose, 
each time the user attempts to gain access (Col 6, lines 16-22). Stockwell does not even contemplate 
what would occur If the registered method of authentication is inaccessible'. Thus, Stockwell does not 
teach or suggest each and every element as set forth in claim 1" (see remarks, page 3). 

25 

Examiner respectfully submits that amended limitation d requires that IF the registered method of 
authentication is inaccessible, the user is enabled to select a different method of authentication for access 
to the restricted service. A system in which the registered method of authentication is never inaccessible 
may still meet the limitations of applicant's claimed invention because applicant's claimed invention only 
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calls for action taken ("the user is enabled to select a different method of authentication for access to the 
restricted service") IF a condition is present ("the registered method of authentication is inaccessible"). 

Assuming arguendo that applicant's statements are correct and Stockwell does not contemplate 
the condition "the registered method of authentication is inaccessible", such an argument does not 
5 preclude Stockwell from satisfying the limitations of applicant's claimed invention. Accordingly, 
applicant's argument does not overcome the rejection. 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
10 action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
15 shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
20 be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
5 you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 
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